Given the short history of mashups in the enterprise, IT departments likely don’t entirely understand the technology’s role in the business. Organizations can fall victim to mashup mistakes given the markedly different approach necessary to deploy and maintain them across the organization.

To start, the mashup is not the enterprise application. The latter, typically a large-scale long-term project led by the IT department, requires extensive designing, coding, deployment and ultimately user training. By contrast, a mashup is not built by IT. Rather, it’s owned and created by a small group of business users who want to combine data in a customized fashion and consume it in small doses.

For that reason, mashups could number in the thousands within a single enterprise alone, said John Crupi, chief technology officer at JackBe Corp., a mashup platform vendor based in Chevy Chase, Maryland. “It’s not about creating something that serves a thousand users, it’s about a mashup that may serve 10 users but you could have hundreds of thousands of mashups,” he said.

The concept of building things for one or two people is largely foreign to IT, said Crupi. And although it may appear initially trivial in the eyes of IT to create a mashup by simply writing some code, that process will inevitably be multiplied by many small groups of users who each want their unique version of a mashup.

Mashups should therefore be driven and created by the business, and IT’s role should be relegated to advisory support. “If you go to IT and say you want to do mashups on this data, they’ll say they are moving to services-oriented architecture (SOA) in 2011. But the business needs it now,” said Crupi.

By design, mashups are intended to be very light-weight and ad-hoc, without the “overhead and heavy-weight style” that has traditionally characterized the IT environment, said Ed Julson, senior director of product marketing with mashup technology provider Palo Alto, Calif.-based Kapow Technologies.

A mindshift is required of IT for mashups to be successful, said Kapow’s founder and chief technology officer, Stefan Andreasen. Specifically, there needs to be recognition of the fact that knowledge workers are increasingly using desktop applications to optimize their work. “Mashups is the natural follower of the evolution of what is happening there,” said Andreasen.

Armonk, New York-based IBM Corp. recently released the Mashup Center, a platform enabling business users to create mashups on their own. The company’s global vice-president of portals and mashups, Larry Bowden, said there are a couple of advantages to letting the business user own the mashup. First, a group of business users with the skillset to assemble mashups brings power and innovation in numbers compared to the limited resources of the IT department.

Second, users in a particular department know their business better than any other, said Bowden, and mashups should be placed “in the hands of the business users to really lets them iterate and improve upon on a daily basis, as they learn in response to what’s happening in the marketplace.”

But placing the mashup in the hands of the user still means that IT has to ensure the right environment to facilitate the mashup, like appropriate authorization against certain data sources, said Bowden. Some organizations allow mashups to freely combine elements from the Web with corporate data, and “you’ll have other companies that are in regulated environments, like banking, and the last thing you’re going to do is let a piece of information about a person’s account or hard numbers ever get mashed up in a market intelligence study.”

But although IT may be committed to relegating mashups to the business user, the corporate culture might not be ready for it. Employees may not know how to even envision, build and use mashups, said Vinay Nair, research manager for enterprise applications, with Toronto-based research firm IDC Canada Ltd.

Warming up to the mashup will likely happen with the younger generation who has perhaps already built mashups for their personal use and now want to extend that technology to the job.

But besides often committing the mistake of assigning mashups to IT, organizations will often apply mashups to the wrong problem. The issue partly stems from semantics, said Crupi, because mashups are about combining — not integrating — data. Merely combining data suggests that it gets delivered to the user in a consumable form that requires minimal transformation and cleansing. “If it’s in the form that it just requires minor tweaks… then it’s a prime candidate for mashups,” said Crupi.

Assigning mashups to the wrong problem is also a result of “unfortunate hype” around the technology, said Bowden. He advises against using mashups for applications requiring high security and that cater to a large volume of users like online e-banking.

In fact, the mashup is generally seen as “a good-enough application” that just meets the needs of a group of users to get the job done, said Bowden. Mashups are a tactical — not strategic — approach to problems that would never get addressed through the IT department’s normal development process, he said.

Bowden has observed enterprise adopters of mashups to be cross-industry where the requirement is to obtain customized data in a time-critical fashion. The technology is also often seen in businesses that want employees to be informed about market intelligence, competition, price change, stock changes, and the economic environment for instance. “If you want to be engaged in more than once a month updates, this really helps you accomplish that,” said Bowden.

But for a business to reap value from a mashup, the technology has to render something new to the user. “It’s not about mashing up hundreds of data sets. The importance here is getting the right data,” said Andreasen. An organization that uses the same data feed providers as its competitors can’t expect to derive novel business decisions from stale information.

While some data sources may be more legitimate than others, Andreasen said that mashups really only work if IT grants the business user some degree of freedom to build mashup creations using the plethora of available sources on the Web. “Mashups are about being creative and finding new ways to solve problems more efficiently,” he said.

But there needs to be a balance between enabling user creativity and security and governance. The danger lies in assuming enterprise mashups are like consumer mashups because, said Crupi, in the “enterprise, everything has to move behind the firewall and in the data centre, so security and governance are the ultimate design tenants that have to be in the infrastructure.”

“One of the big missteps that we see is trying to implement mashups without any notion of security and governance in place,” said Crupi. He added that part of the problem is that mashups are an SOA-style service, and there has yet to be a standard way to instill security and governance into an SOA infrastructure given the loosely-coupled design.

Nair said that although point solutions exist for dealing with the governance issue surrou